在RHEL6.5的環境下,安裝FreeIPA後Named service無法啟動。錯誤如下:
Configuring DNS (named)
[1/9]: adding DNS container
[2/9]: setting up our zone
[3/9]: setting up reverse zone
[4/9]: setting up our own record
[5/9]: setting up kerberos principal
[6/9]: setting up named.conf
[7/9]: restarting named
named service failed to start
[8/9]: configuring named to start on boot
[9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).
檢查
/var/log/message
, 顯示如下:
Oct 24 19:15:46 ipa named-sdb[10721]: Failed to parse the principal name DNS/ipa.xionghuilin.com (Configuration file does not specify default realm)
Oct 24 19:15:46 ipa named-sdb[10721]: loading configuration: failure
Oct 24 19:15:46 ipa named-sdb[10721]: exiting (due to fatal error)
參考這個連結, 這個問題的原因可能是chroot導緻的某些檔案無法正确讀取, 标準的解決方案是Howto/FreeIPA with integrated BIND inside chroot,簡單的解決方案是解除安裝bind-chroot軟體包。
[[email protected] ~]# yum remove bind-chroot
Loaded plugins: fastestmirror, product-id, subscription-manager
[Errno -2] Name or service not known
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i686 32:9.8.2-0.23.rc1.el6_5.1 will be erased
--> Finished Dependency Resolution
http://vault.centos.org/6.5/os/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'vault.centos.org'"
Trying other mirror.
http://vault.centos.org/6.5/extras/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'vault.centos.org'"
Trying other mirror.
http://vault.centos.org/6.5/updates/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'vault.centos.org'"
Trying other mirror.
Dependencies Resolved
=============================================================================================================================================================================================
Package Arch Version Repository Size
=============================================================================================================================================================================================
Removing:
bind-chroot i686 32:9.8.2-0.23.rc1.el6_5.1 @update 0.0
Transaction Summary
=============================================================================================================================================================================================
Remove 1 Package(s)
Installed size: 0
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Erasing : 32:bind-chroot-9.8.2-0.23.rc1.el6_5.1.i686 1/1
Loading mirror speeds from cached hostfile
Verifying : 32:bind-chroot-9.8.2-0.23.rc1.el6_5.1.i686 1/1
Removed:
bind-chroot.i686 32:9.8.2-0.23.rc1.el6_5.1
Complete!
解除安裝bind-chroot軟體包後重新啟動named
[[email protected] ~]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named-sdb is stopped
[[email protected] ~]# service named start
Starting named: [ OK ]
[[email protected] ~]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1
CPUs found: 2
worker threads: 2
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named-sdb (pid 658) is running...
[[email protected] ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
[[email protected] ~]#
[[email protected] ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[[email protected] ~]#
Reference
freeipa(1)伺服器搭建
Bug 742875 - named fails to start after installing ipa server when short hostname preceeds fqdn in /etc/hosts.
RedHat搭建IPA-Server
Re: [Freeipa-users] RHEL 6.4 , IPA 3.0 and bind-chroot
Howto/FreeIPA with integrated BIND inside chroot
![linux-svn解除安裝與安裝[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)